<?php 
    include_once('../includes/db.inc.php');
        
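    /**
     * Data-access layer for the admin area: administrator login plus
     * create/read/update/soft-delete operations on the `members` table.
     *
     * All queries go through the legacy mysql_* extension on the default
     * connection, which is expected to be opened by db.inc.php.
     *
     * Security notes:
     *  - Every value concatenated into SQL is passed through escape() and
     *    placed inside single quotes. mysql_real_escape_string() only honours
     *    the connection character set when it was set with mysql_set_charset().
     *    NOTE(review): confirm db.inc.php does that; the long-term fix is
     *    prepared statements via mysqli or PDO.
     *  - Passwords are stored as unsalted SHA-1. Moving to password_hash() /
     *    password_verify() changes the stored format and needs a data
     *    migration, so it is flagged here rather than changed in place.
     */
    class AdminDAL {

        /**
         * Escape a value for use inside a single-quoted SQL string literal.
         *
         * @param mixed $value Value taken from request or form data.
         * @return string Escaped text; the caller still adds the surrounding quotes.
         */
        private function escape($value)
        {
            return mysql_real_escape_string((string) $value);
        }

        /**
         * Check administrator credentials and, on success, open the admin session.
         *
         * On success the session id is regenerated (when a session is active),
         * $_SESSION['admin'] is set and a redirect header to index.php is sent.
         *
         * @param string $user Submitted username.
         * @param string $pass Submitted plaintext password.
         * @return array Keys 'message' ('success' or '') and 'error_message'.
         */
        function login($user, $pass)
        {
            $message = '';
            $error_message = '';

            $cmd_txt = "select * from administrators where username = '" . $this->escape($user) . "'";
            $query = mysql_query($cmd_txt);
            $total_rows = ($query !== false) ? mysql_num_rows($query) : 0;

            if ($total_rows > 0) {
                $row = mysql_fetch_object($query);
                $stored = (string) $row->password;
                $computed = sha1($pass);

                // Strict string comparison: with == two hex digests that both look
                // numeric (for example "0e" followed by digits) compare as equal.
                // hash_equals() additionally makes the comparison constant-time.
                if (!is_string($computed)) {
                    $matches = false;
                } elseif (function_exists('hash_equals')) {
                    $matches = hash_equals($stored, $computed);
                } else {
                    $matches = ($stored === $computed);
                }

                if ($matches) {
                    $message = 'success';
                    // Issue a fresh session id at the privilege change so an id
                    // planted before login cannot be reused afterwards.
                    if (session_id() !== '') {
                        session_regenerate_id(true);
                    }
                    $_SESSION['admin'] = $user;
                    // The function still returns after this header so existing
                    // callers keep receiving the result array; callers should
                    // stop rendering once they see 'success'.
                    header('location: index.php');
                } else {
                    $error_message = 'Sai mật khẩu!';
                }
            } else {
                // NOTE(review): a distinct message for an unknown username lets a
                // client tell which admin names exist; consider one shared message.
                $error_message = 'Tên đăng nhập không tồn tại!';
            }

            return array(
                'message' => $message,
                'error_message' => $error_message,
            );
        }

        /**
         * Fetch every row of the members table.
         *
         * @return array|null List of associative rows, or null when the table
         *                    is empty or the query fails.
         */
        function getAllMembers()
        {
            $result = mysql_query("select * from members");
            if ($result === false || mysql_num_rows($result) <= 0) {
                return null;
            }

            $memberList = array();
            while ($row = mysql_fetch_assoc($result)) {
                $memberList[] = $row;
            }
            return $memberList;
        }

        /**
         * Report whether a member with the given username already exists.
         *
         * @param string $username Username to look up.
         * @return bool True when at least one row matches; false otherwise,
         *              including when the query itself fails.
         */
        function checkUsername($username)
        {
            $select_command = "select * from members where Username='" . $this->escape($username) . "'";
            $result = mysql_query($select_command);
            if ($result === false) {
                // A failed query has no result set to count.
                return false;
            }
            return mysql_num_rows($result) > 0;
        }

        /**
         * Insert a new member after checking that the username is free.
         *
         * @param array $member Keys: username, password (plaintext), fullname,
         *                      email, and optionally gender and description.
         * @return string '' on success, otherwise an error message.
         */
        function insertMember($member)
        {
            $username = $member["username"];

            if ($this->checkUsername($username)) {
                return "Tên đăng nhập này đã tồn tại";
            }

            $gender = isset($member["gender"]) ? $member["gender"] : "";
            $description = isset($member["description"]) ? $member["description"] : "";

            $values = array(
                $this->escape($username),
                sha1($member["password"]), // hex digest, needs no escaping
                $this->escape($member["fullname"]),
                $this->escape($member["email"]),
                $this->escape($gender),
                $this->escape($description),
            );
            $insert_command = "insert into members(Username,Passwd,Fullname,Email,Gender,Description) values('"
                . implode("','", $values) . "')";

            if (mysql_query($insert_command)) {
                return "";
            }
            // NOTE(review): the raw driver error is returned to the caller; log it
            // and show a generic message if this string is displayed to users.
            return mysql_error();
        }

        /**
         * Load one member by id.
         *
         * @param mixed $userID Member id.
         * @return array|false|null Associative row, false when no row matches,
         *                          null when the query fails.
         */
        function getMember($userID)
        {
            $cmd = "select * from members where UserID = '" . $this->escape($userID) . "'";
            $result = mysql_query($cmd);
            if ($result === false) {
                return null;
            }
            return mysql_fetch_assoc($result);
        }

        /**
         * Soft-delete a member by setting Active to '0'.
         *
         * @param mixed $userID Member id.
         * @return mixed Whatever mysql_query() returns for the update.
         */
        function deleteMember($userID)
        {
            $cmd_txt = "update members set Active ='0' where UserID = '" . $this->escape($userID) . "'";
            return mysql_query($cmd_txt);
        }

        /**
         * Soft-delete several members.
         *
         * @param array $userId_array Member ids.
         * @return int Number of ids whose update query succeeded.
         */
        function deleteMembers($userId_array)
        {
            $succeeded = 0;
            foreach ($userId_array as $userId) {
                if ($this->deleteMember($userId)) {
                    $succeeded++;
                }
            }
            return $succeeded;
        }

        /**
         * Update an existing member.
         *
         * @param array $member Keys: username, pre_username, userId, password,
         *                      fullname, email, and optionally gender,
         *                      description and active.
         * @return string '' on success, otherwise an error message.
         */
        function updateMember($member)
        {
            $username = $member["username"];
            $userId = $member["userId"];
            $pre_username = $member["pre_username"];

            if ($this->checkUsername($username) && ($pre_username != $username)) {
                return "Tên đăng nhập này đã tồn tại";
            }

            $m = $this->getMember($userId);
            $stored = (is_array($m) && isset($m["Passwd"])) ? $m["Passwd"] : null;

            // A submitted value identical to the stored digest means "password
            // unchanged"; anything else is treated as a new plaintext password.
            // NOTE(review): this implies the stored digest is round-tripped
            // through the edit form, so whoever holds the digest can write it
            // back unhashed. A separate "change password" field would avoid that.
            $password = $member["password"];
            if ((string) $password !== (string) $stored) {
                $password = sha1($password);
            }

            $active = isset($member["active"]) ? "1" : "0";
            $gender = isset($member["gender"]) ? $member["gender"] : "";
            $description = isset($member["description"]) ? $member["description"] : "";

            // UserID is quoted and escaped like every other value; it was
            // previously appended to the statement as bare text.
            $cmd_txt = "update members set Username = '" . $this->escape($username) . "', "
                . "Passwd = '" . $this->escape($password) . "', "
                . "Fullname = '" . $this->escape($member["fullname"]) . "', "
                . "Email = '" . $this->escape($member["email"]) . "', "
                . "Gender = '" . $this->escape($gender) . "', "
                . "Description = '" . $this->escape($description) . "', "
                . "Active = '" . $active . "' "
                . "Where UserID = '" . $this->escape($userId) . "'";

            if (mysql_query($cmd_txt)) {
                return "";
            }
            return mysql_error();
        }
    }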

?>